A network address translation (NAT) technology belongs to a technology for accessing a wide area network and is a translation technology for translating a private address/port into a public address/port. It is widely applied in various network access manners and various networks.
In the prior art, as a virtualization technology is introduced, a virtual machine (VM) may be migrated among different data centers, and a NAT mapping entry that the VM has applied is migrated accordingly. For example, when a VM is migrated from a first data center to a second data center, a NAT mapping entry that the VM has applied is migrated accordingly; however, because the NAT mapping entry of the VM is used still through the first data center but the migrated VM is located in the second data center, the VM needs to perform information exchange with the first data center through the second data center when using the NAT mapping entry. In this way, the VM is prone to a release attack of an attacker. For example, when the VM is using a certain address, the attacker sends, to the first data center, a message for requesting a release of the address, which affects the VM that is using the address.
In addition, when the VM is migrated, a normal application of the VM may be affected because too many VMs are migrated to the second data center, which goes beyond planning performed by the second data center on NAT address resources.